The purpose of this blogpost is to formally introduce the certReport tool. The blog post will explain the tool’s function and give examples as to how to use it.
Category Archives: Certificate Abuse
Impostor Certificates
It is common for malware to be signed with code signing certificates.
How is this possible? Impostors receive the cert directly and sign malware.
In this blog-post, we look at 100 certs used by Solarmarker malware to learn more.
Certified Bad
Authenticode Certificates are intended to ensure that software is created by vetted parties and that the software can be trusted; however, malware is often signed with valid Authenticode certificates and the process for signing malware and the implications are often misunderstood within InfoSec. This post takes a deep dive into my research on certificate abuse.
Squiblydoo.blog 